This is an update on my privacy setup since my last post. Yeah, I know WhatsApp belongs to Meta and is handing over all my data to the US, Israel, Iran, China, the Vatican, and Mars, but for personal reasons, I can’t ditch it right now. How can I improve my setup?
Uber???
Serious suggestion - install Shelter and move both WhatsApp and Uber into your work profile. That has a number of advantages - it keeps them away from your contacts and gives you the ability to suspend all closed-source apps with a single click.
Man, I tried using Shelter, but I didn’t have a good first impression of it. I went to download it and saw that it seemed to have a pretty simple design, but what caught my eye was the fact that it was last updated almost 3 years ago. I hesitated for a moment but tried to ignore that and went ahead and installed it: when I went to use it, it bundled about 6 apps without me asking, the app I actually wanted to bundle stopped working, and the others it bundled without my permission became extremely slow. Not only that, but my whole phone in general got really sluggish, lagging and all that. I didn’t have a good experience with it and I don’t plan on using it again.
Also something like Tracker Control in the Shelter profile.
Is there really that much advantage to isolating these apps in a work profile? I’ve been using them under a work profile for a while now and I see not much point to it since I never practically disable them for concern over missing out on important notifications. They have as much access to device APIs as they do in the personal profile anyways so they can track my phone just as well. It just becomes inconvenient moving content between both profiles.
When I used it on GrapheneOS, it was to ensure untrusted apps (especially banking apps requiring Google Play Services) no longer remained active after using them; but if you never close the work profile, they indeed remain active. But it’s a good measure regardless: to ensure you don’t accidentally give WhatsApp, or whatever, permission to personal media; even if it means added inconvenience (which is the most common trade-off with privacy).
Which phone and message app are you using? I also don’t see a way to view photos or files and which camera app?
Obviously GrapheneOS is the best way to go for privacy but if you do stick to OEM Android then make sure you’re using apps like the Fossify suite. I use their apps with all contacts and calendar synced via davx and self hosted on Nextcloud.
What about KeePass, where is that data backed up?
KeePass is a password manager that doesn’t store your data in the cloud (like Bitwarden), meaning it doesn’t need internet access to work (though that doesn’t matter much to me, since I use a Motorola and can’t restrict its network access like I would if I could afford a Pixel and install Graphene). In KeePass, your passwords are kept in a file that is YOUR responsibility; as long as you have the file, all your passwords are safe (but of course, you also need the master password to access the others, and if you want, you can add other security methods to make it harder to get into your vault).
Consider dumping KeePass for Bitwarden.
If you’re using the password manager correctly, you will only use the password manager and have all different, impossible to remember and keep track of combinations of passwords and logins.
So losing access to the password manager would be catastrophic.
A tool like KeePass relies on the user to not lose access to the password manager’s data, but many events far outside of the user’s control can happen. Natural disasters, confiscation and even good ol’ user error can lose access for the most careful users and cause seriously problematic situations.
A trustworthy cloud based option can close that hole and make very difficult situations much easier.
“My phone and computer were lost in a flood or fire. In order to receive aid or access assistance I need access to the credentials on them.”
“My phone and computer were confiscated by the authorities. They are locked and encrypted, but now I don’t have access to my credentials”
“Oops, I made a mistake!”
You almost certainly are better served by using a trustworthy service like Bitwarden that allows you to still do your shit in these situations.
I understand your concerns, but none of them really affect me. I live in a country located in the center of a tectonic plate, which makes it very difficult for natural disasters to occur; for example, high-magnitude earthquakes have never happened here, and tsunamis have never occurred within the territory either—at most on the country’s coast in 2004, but I don’t live on the coast or in a flood-prone area. The reason I’m protecting myself regarding privacy issues isn’t to hide from the government, but if it were, one of the things I’d worry about least would be keeping my passwords secure. What might happen is that I could lose the password file, but I already keep it on three different devices; if I lose two at the same time, I’d still have one with the file. In the end, both KeePass and Bitwarden have their issues; for instance, if Bitwarden’s servers were attacked, the passwords in the cloud would be at risk (although I know they have some extra protections in case that happens).
I live in an area I would describe the same as you described yours.
Each example given is something that I experienced.
Be safe out there.
I’m so sorry you went through that, but there’s really no way a massive disaster could happen where I live; like I said, the country is right in the middle of a tectonic plate.
You can self-host Bitwarden via the excellent Vaultwarden server. Bitwarden can be used offline too since the vaults are also synced locally.
I know that, but lately I’ve been preferring to use KeePass (plus I have terrible memories involving self-hosting; I don’t know anything about it and I can’t self-host anything, whether it’s due to a lack of knowledge or a lack of resources).
KeePass can replace Aegis for TOTP.
I didn’t know that, but security-wise, wouldn’t it still be better to use Aegis? 2FA is meant to provide extra security in case your password is compromised; this means that if someone gets into your password manager, they still wouldn’t be able to access your accounts because of the 2FA. But if you put your 2FA inside the password manager, that just makes it easier to access your accounts, right? Anyway, I found that information interesting, I had no idea. Thanks!
Older Pixel phones run relatively cheap if you don’t mind having an older model. Mine was still locked by my ISP, but I used their insurance plan and they sent me an unlocked one lol
It’s not about the price; I’d buy a current Pixel if it were sold in my country, but importing one from somewhere else would be really expensive.
Ahh that sucks
Yeah
Format the phone and install GrapheneOS.
Play store means you’re still using Google. Google is the largest vacuum of user data.
Uber records your location data.
Also unless you’re under 10, Roblox kinda cringe. This one is just a personal opinion. I don’t know how bad it is with respect to privacy.
I can’t format my phone and install GrapheneOS since my phone is a Motorola, not a Google Pixel. I need Uber and the Play Store, there’s not much I can do about that. “Roblox kinda cringe” isn’t a good reason to uninstall it for privacy reasons.
You can have a look at Roblox’s Exodus report, if you’re curious about the trackers/permissions. https://reports.exodus-privacy.eu.org/en/reports/729804/
that’s interesting; a good reason, I already had plans to remove Roblox from my phone, thanks for giving me more reasons (this time plausible reactions)
And it has no LineageOS either?
I’m currently stuck with stock too, but at least with uad-ng, you can remove/freeze the offenders (or root it and also get a firewall).
Careful: Play Store itself cannot be removed, only frozen; you’ll get a boot loop otherwise.
And in case of the Xperia 10, I’ve had to replace the stock dialer (phone app) with the Fossify one, since it and a few useless Sony apps got crazy about missing Play Services.
Unfortunately there’s no LineageOS for my Motorola either, I really looked for many privacy-focused operating systems and none of them run on my Motorola.
Here is the link to UAD-ng: https://github.com/Universal-Debloater-Alliance/universal-android-debloater-next-generation/








